[PATCH bpf-next v1 06/13] bpf: lsm: Init Hooks and create files in securityfs
KP Singh
kpsingh at chromium.org
Fri Jan 3 23:53:13 UTC 2020
On 30-Dez 11:20, Kees Cook wrote:
> On Mon, Dec 30, 2019 at 04:37:11PM +0100, KP Singh wrote:
> > On 23-Dec 22:28, Andrii Nakryiko wrote:
> > > On Fri, Dec 20, 2019 at 7:43 AM KP Singh <kpsingh at chromium.org> wrote:
> > > [...]
> >
> > Good catch! You're right. These macros will not be there in v2 as
> > we move to using trampolines based callbacks.
>
> Speaking of which -- is the BPF trampoline code correctly designed to be
> W^X?
Thanks for pointing this out!
I don't think this is the case as of now.
The dispatcher logic and the tracing programs allocate one page where
one half of it is used for the active trampoline and the other half is
used as a staging area for a future replacement. I sent a patch as an
attempt to fix this:
https://lore.kernel.org/bpf/20200103234725.22846-1-kpsingh@chromium.org/T/#u
- KP
>
> --
> Kees Cook
More information about the Linux-security-module-archive
mailing list